04-25-2006, 06:18 PM
|
Techie
|
|
Join Date: Apr 2006
Posts: 84
|
|
Server Security - DDoS attacks
How would you protect your server from DDoS attacks? I am new at these kind of stuff and I am curious..
|
04-26-2006, 03:39 AM
|
Platinium Techie
|
|
Join Date: Jan 2005
Location: Edmonton, Alberta, Canada
Posts: 1,078
|
|
I'm no expert at managing servers though I do have some prior hacking/linux type based experience in the good ol' days. If memory serves me correctly, and if things haven't changes all that much... I believe there is not much you can do to stop these types of attacks. If someone really wants to do it then they will. You can only really try and stop the effects of the attacks.
__________________
Microsoft believes in making computing easier! What could be easier for consumers than having only ONE choice of software?!?
|
04-26-2006, 06:45 PM
|
Techie
|
|
Join Date: Apr 2006
Posts: 84
|
|
Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.
|
04-26-2006, 07:38 PM
|
|
- Don't make enemies.
- Don't promote immoral, unethical, sectarian, political, inhumane, anti-intellectual property products or services.
The list can continue, even to things you assume are good. Just don't piss off the wrong nerd.
A way to beat them to it if you know who is against your organization is to research the person and take control of their botnet before they tell it to kill your server.
Or the aftermath approach, take the server down, analyze all your logs and determine which sequences were of a DDoS style and ban all those IP's when you associate your server to a new IP/and/or hosting service.
|
04-26-2006, 08:18 PM
|
Platinium Techie
|
|
Join Date: Jan 2005
Location: Edmonton, Alberta, Canada
Posts: 1,078
|
|
Quote:
Originally Posted by lpxxfaintxx
Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.
|
Yeah, you can go the firewall route, and it does help to a degree if properly configured. But again, if they really want to they will.
__________________
Microsoft believes in making computing easier! What could be easier for consumers than having only ONE choice of software?!?
|
04-27-2006, 06:43 AM
|
Techie
|
|
Join Date: Apr 2006
Posts: 84
|
|
Oh, thanks for the replies.
Some people attack just for fun
|
04-27-2006, 10:46 PM
|
Lab Master Techie
|
|
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
|
|
Get a beefy server!
The advise about banning ddos IPs is probably the best if you already have a good firewall.
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net
|
04-28-2006, 01:50 AM
|
|
a firewall isn't going to help against a DDOS. if packets are getting through to your pipe, even if you are denying them, you're pipe is going to be getting filled with data and become useless. Further, your firewall hardware may become overburdened by the size, number of packets coming on over the network can kill it. With a DOS attack, yo ucan generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario
|
04-28-2006, 11:49 AM
|
Lab Master Techie
|
|
Join Date: Sep 2002
Location: The Matrix
Posts: 7,353
|
|
and especially if they're overseas in a 3rd world country
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net
|
04-28-2006, 02:20 PM
|
|
Quote:
Originally Posted by James
With a DOS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario
|
I don't see how you could do this in realtime, unless it was only a single attacker. If a DDoS hit you it would take a long time to analyze the logs and determine what sequence the attack was working on.
Even if you were adept, determining that sequence may be faster, but you'd still have to find the sources of the IP's and call the ISP's who own the IP blocks. These calls may take tens of minutes or longer on hold and whatnot. The entire time your firewall's buffer and your bandwidth is reaching critical mass.
Quote:
Originally Posted by Jason425
and especially if they're overseas in a 3rd world country
|
are you saying that ISP's overseas are less responsible for malicious activities of their clients?
|
Thread Tools |
Search this Thread |
|
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 06:56 AM.
Powered by vBulletin® Version 3.6.5 Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
|